Reduce Time Spent on Shared Spreadsheets

How CyberGRX Works for Third Parties

Shared spreadsheets are eating up your valuable resources and providing limited value. CyberGRX assessments use a smart, skip level logic approach, so they automatically calibrate to your responses—removing any redundant or irrelevant questions. And, once your assessment is complete, you can use The CyberGRX Exchange to proactively share it with any upstream partner you choose. Complete one assessment, share with many.

  • Complete a Tier 1, 2 or 3 CyberGRX Assessment

    Step 1

  • Receive a detailed roadmap for improving your security

    Step 2

  • Follow CyberGRX's remediation strategies

    Step 3

  • Share with your upstream business partners

    Step 4

  • Never complete another spreadsheet again

    Step 5

Third Parties spend

15,000+ hours

completing assessments each year

Of third parties don't think these assessments are accurate
Of these assessments are not acted upon.

“The CyberGRX assessment process was comprehensive, yet seamless. The standardized assessment, and their global risk information Exchange, will help us save 400 hours or more traditionally spent on filling in assessments, so we can apply that time on proactively managing our security for our clients.”

George McKevitt, ComplySci CTO

Benefits for Third Parties

The CyberGRX Exchange and our risk assessments as-a-service help Enterprises and Third Parties cost-effectively identify, prioritize and mitigate risk.

Never complete another shared spreadsheet again
Identify and understand the remediation with the most yield
Share a single assessment with multiple upstream partners
Spend more time on proactive risk management
Drive business growth with proactive security engagement

Third-Party Cyber Risk Landscape

Break-up with your current process and implement a third-party risk management solution that helps you identify, monitor and manage risk in a digital world.

Third-party contractors are the biggest source of security incidents outside of a company’s employees.


SOURCE: PwC 2016 Global State of Information Security Report

Approximately 66% of companies extensively or significantly rely on third-party vendors.

SOURCE: The Institute of Internal Auditors Research Foundation (IIARF)

81% of organizations have seen an increase in third-party vendors in the past two years.

SOURCE: 2017 Bomgar Secure Access Threat Report

Less than 17% of organizations felt their current systems effectively managed third-party risk.

SOURCE: Ponemon Opus 2017 Third Party Data Risk Study

CyberGRX is a force multiplier for our third-party cyber risk management program. In just the first year we will be able to assess 3x more vendors than we assessed last year and reallocate the resources saved to true risk management and mitigation efforts.

Adam Fletcher
Adam Fletcher, CISO of Blackstone
See Blacktstone Case Study
  • aetna logo
  • Blackstone
  • Mass Mutual logo
  • GV logo
  • aetna logo
  • Blackstone
  • Mass Mutual logo
  • GV logo

Frequently Asked Questions

  • How much does this cost?

    For the ordering customers, there are two elements to the cost model: an annual platform access fee and a per-assessment fee that varies according to tier of service. Platform access fees are paid annually; funds put into your CyberGRX account to cover assessment fees are evergreen. Once an assessment is ordered and delivered, customers receive access to that assessment and updates for a 12-month period.

  • How long does it take to complete an assessment?

    Average timeframes to complete an assessment are as follows: ~75 days for Tier 1, ~28 days for Tier 2, ~35 days for Tier 2 Validated, and ~15 days for Tier 3. Our customer success team does an outstanding job helping third parties complete their assessments in a timely manner with training, support and coaching. That being said, average timeframes can vary depending on the unique situation.

  • If I post my assessment to the exchange, will anyone be able to see my data?

    No. You are in control of your data. Once you have completed an assessment, that data will only be shared on an individual basis, pending your approval for each case. If you never want to share your assessment, no one will see your assessment results. However, we do let exchange customers know of the presence of an assessment in the exchange for your organization. This facilitates the ordering process by letting them know that an assessment is available.

  • What if I’m not satisfied with my assessment after it is completed, do I have to share it?

    No, you don’t. Once you have completed an assessment, that data will only be shared on an individual basis, pending your approval for each customer. If you do not share an assessment that is ordered, however, you will most likely be required to fulfill the assessment obligation in some other way. Whereas, once you’ve completed a CyberGRX assessment, the CyberGRX platform allows you to continuously update your assessment and share with multiple customers, reducing time spent on filling in various assessment requests.

  • Can I provide additional materials with my assessment? SIG? SOC ll? Comments?

    Yes, we allow for comments on our assessments. As part of our evidence validation process we also consider and accept a review of other materials such as a SIG or SOC II assessment. However, we only collect metadata on those documents (Title, date published / updated, etc.) and do not maintain a copy of the documents in our Platform. Allowing for additional attachments is under consideration. You are also welcomed to share any certification documents out of band with your customer, but the platform does not currently facilitate this sharing.

Try the CyberGRX Exchange for free

Mitigate risk. Manage complexity. Reduce cost.

Request Free Trial